D-Link DI-8100 Stack-Based Buffer Overflow Vulnerability in HTTP Handler

A stack-based buffer overflow vulnerability has been identified in the D-Link DI-8100 router, specifically in the firmware version 16.07.26A1. The issue arises in the 'auto_reboot.asp' file within the HTTP Handler component. The vulnerability is triggered by the 'sprintf' function, which improperly handles user-controlled 'enable' and 'time' parameters, leading to memory corruption. This flaw allows for remote exploitation, causing the HTTP daemon to crash or potentially execute arbitrary code.

Impact

Exploitation of this vulnerability could result in arbitrary code execution, allowing an attacker to gain full control of the router. This could lead to unauthorized access to internal networks or disruption of network connectivity. Additionally, the vulnerability could be used to conduct a remote denial-of-service attack, causing the router to crash and require a manual reboot to restore functionality.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/auto_reboot.asp' endpoint with overly long 'enable' and 'time' parameters. This can be done using a tool like curl, after logging in with valid credentials.